Free UK Shipping For Order Spend £30+

Privacy policy

Last updated: May 2026

This Privacy Policy explains how Cangeroo Ltd (“Cangeroo”, “we”, “us” or “our”) collects, uses, stores and protects your personal data when you visit cangeroo.com, contact us, create an account, subscribe to marketing, or purchase products from us.

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and, where applicable, the Privacy and Electronic Communications Regulations (“PECR”).

1. Who We Are

The data controller responsible for your personal data is Cangeroo Ltd, operating the website cangeroo.com.

For privacy or data protection enquiries, please contact us at:

Email: sales@cangeroo.com
Contact form: cangeroo.com/pages/contact-us

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Identity and Contact Data

  • Name
  • Email address
  • Phone number
  • Billing address
  • Delivery address

Order and Transaction Data

  • Products purchased
  • Order history
  • Delivery details
  • Returns and refund information
  • Payment method type and payment status

We do not store full payment card numbers. Payments are processed securely by our payment providers and Shopify’s payment systems.

Account Data

  • Account login details
  • Encrypted password information, where applicable
  • Account preferences

Technical and Usage Data

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Pages visited
  • Time spent on our website
  • Referral source
  • Cookie and tracking preferences

Marketing and Communications Data

  • Your marketing preferences
  • Your communication preferences
  • Messages you send to us by email, contact form, social media or other channels

We do not intentionally collect special category personal data, such as health data, biometric data, religious beliefs, political opinions or trade union membership. We also do not knowingly collect personal data from children under the age of 16. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

3. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you when you place an order, create an account, contact us, complete a form, subscribe to marketing or request customer support.
  • Automatically when you browse our website, through cookies, pixels, analytics tools and similar technologies, subject to your cookie preferences where required.
  • From service providers such as Shopify, payment processors, delivery partners, analytics providers and advertising platforms.
  • From publicly available or third-party sources where permitted by law, such as fraud prevention or identity verification services.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To process, fulfil and deliver your orders
  • To take payment and manage refunds
  • To provide order confirmations, delivery updates and customer service messages
  • To create and manage customer accounts
  • To respond to enquiries, complaints and support requests
  • To process returns and refunds
  • To prevent fraud, misuse of our website and unauthorised transactions
  • To comply with legal, tax, accounting and regulatory obligations
  • To improve our website, products, services and customer experience
  • To send marketing communications where permitted by law
  • To measure the effectiveness of our advertising and marketing campaigns
  • To show relevant advertising, where you have provided any required consent

5. Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. Depending on the purpose, we rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to fulfil your order, arrange delivery, manage your account or provide customer support connected to your purchase.
  • Legal obligation: where processing is necessary to comply with tax, accounting, consumer protection, fraud prevention or other legal obligations.
  • Legitimate interests: where processing is necessary for our legitimate business interests, provided your rights and freedoms do not override those interests. This may include improving our website, preventing fraud, responding to customer enquiries, managing business records and sending certain service communications.
  • Consent: where you have given consent, such as for email marketing, SMS marketing, analytics cookies or advertising cookies where required. You can withdraw consent at any time.

6. Marketing Communications

If you subscribe to our newsletter, opt in at checkout or otherwise give us permission, we may send you marketing communications about Cangeroo products, offers, promotions and updates.

You can unsubscribe from marketing at any time by:

  • Clicking the unsubscribe link in any marketing email
  • Contacting us at sales@cangeroo.com

We will not sell your personal data to third parties for their own marketing purposes.

We may still send you non-marketing service messages, such as order confirmations, delivery updates, account notices, return updates or important information about your purchase.

7. Cookies and Similar Technologies

We use cookies and similar technologies on cangeroo.com. Cookies are small files placed on your device that help our website function, improve performance, remember preferences and support analytics or advertising.

We may use the following types of cookies:

  • Essential cookies: required for the website to operate, including shopping basket, checkout, security and account login functions. These cookies cannot usually be switched off.
  • Analytics cookies: used to understand how visitors use our website and to help us improve it. These are used only where required consent has been obtained.
  • Marketing cookies and pixels: used to measure advertising performance and show relevant advertising on platforms such as Google, Meta or other advertising networks. These are used only where required consent has been obtained.
  • Preference cookies: used to remember your settings and preferences, where applicable.

You can manage your cookie preferences through our cookie banner or cookie settings tool, where available. You can also adjust your browser settings to block or delete cookies. Please note that disabling some cookies may affect how our website functions.

Where required by law, non-essential cookies will not be placed on your device unless you have given consent.

8. Who We Share Your Data With

We only share your personal data where necessary and where we have an appropriate lawful basis to do so.

We may share personal data with:

  • Shopify: our ecommerce platform provider, which helps us operate our online store, checkout and order management.
  • Payment providers: to securely process payments, refunds and fraud checks.
  • Delivery and logistics partners: to deliver your order and manage shipping updates.
  • Email and marketing service providers: to send newsletters, marketing emails or customer communications where permitted.
  • Analytics providers: to understand website performance and customer behaviour, subject to cookie consent where required.
  • Advertising platforms: such as Google or Meta, to measure and deliver advertising, subject to cookie consent where required.
  • Professional advisers: such as accountants, insurers, legal advisers or business consultants.
  • Authorities, regulators or law enforcement: where required by law or where necessary to protect our rights, customers or business.
  • Business transfer parties: if we sell, merge, restructure or transfer all or part of our business or assets.

We require service providers acting on our behalf to protect your personal data and use it only for the purposes we instruct.

9. Shopify and Third-Party Services

Our store is hosted by Shopify. Shopify provides us with the ecommerce platform that allows us to sell products and services to you.

When you place an order, your personal data may be processed by Shopify and its service providers to operate checkout, payments, fraud prevention, order management, hosting and related ecommerce services.

Other third-party services used by our store may have their own privacy information. Where you interact directly with a third-party service, their privacy policy may also apply.

10. International Data Transfers

Some of our service providers may process personal data outside the United Kingdom. This may include Shopify and other technology, payment, analytics, marketing or support providers.

Where personal data is transferred outside the UK, we will ensure appropriate safeguards are in place as required by UK GDPR. These may include:

  • An adequacy decision or adequacy regulation confirming that the destination provides an adequate level of protection
  • UK-approved standard contractual clauses or an International Data Transfer Agreement
  • Other safeguards permitted under UK data protection law

Shopify is headquartered in Canada, which has been recognised by the UK as providing an adequate level of protection for certain transfers of personal data.

11. Data Retention

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to meet legal, accounting, tax, reporting and regulatory requirements.

Our typical retention periods are:

  • Order and transaction records: up to 7 years for tax, accounting and legal record-keeping purposes.
  • Customer account data: for as long as your account remains active, then for a reasonable period after closure where required for legal, fraud prevention or customer service purposes.
  • Marketing data: until you unsubscribe or withdraw consent, plus a suppression record to ensure we do not contact you again where required.
  • Customer service and communications data: up to 3 years from your last contact with us, unless a longer period is required for legal or dispute purposes.
  • Analytics data: for the period set by the relevant analytics provider or cookie settings, typically up to 26 months where applicable.
  • Cookie consent records: for as long as needed to evidence your cookie choices and comply with legal obligations.

When personal data is no longer needed, we will delete it, anonymise it or securely archive it.

12. Your UK GDPR Rights

Under UK data protection law, you may have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete personal data.
  • Right to erasure: to ask us to delete your personal data in certain circumstances.
  • Right to restriction: to ask us to restrict processing in certain circumstances.
  • Right to data portability: to request personal data in a structured, commonly used and machine-readable format in certain circumstances.
  • Right to object: to object to processing based on legitimate interests or to object to direct marketing.
  • Right to withdraw consent: where we rely on consent, you can withdraw it at any time.
  • Rights relating to automated decision-making: not to be subject to solely automated decisions that have a legal or similarly significant effect, unless permitted by law.

To exercise your rights, please contact us at sales@cangeroo.com.

We will usually respond within one calendar month. We may need to verify your identity before fulfilling your request. In some cases, we may be entitled to refuse a request or charge a reasonable fee where permitted by law, for example if a request is manifestly unfounded or excessive.

13. Complaints

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office (“ICO”), the UK regulator for data protection matters:

Website: ico.org.uk
Phone: 0303 123 1113

14. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.

Our website uses SSL/TLS encryption. Payments are processed through secure payment systems. We do not store full payment card numbers.

However, no method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

15. Links to Other Websites

Our website may contain links to third-party websites, apps or services. We are not responsible for the privacy practices, content or security of those third-party websites. You should read their privacy policies before providing them with personal data.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated “Last updated” date.

We encourage you to review this Privacy Policy regularly to stay informed about how we handle your personal data.

17. Contact Us

For questions about this Privacy Policy or how we handle your personal data, please contact us:

Email: sales@cangeroo.com
Contact form: cangeroo.com/pages/contact-us